At a Black Hat security conference in Las Vegas, IOActive researcher Ruben Santamarta presented several serious code vulnerabilities for the Boeing 787 Dreamliner aircraft component.This component is known as the Crew Information Service / Maintenance System (CIS / MS). CIS / MS is responsible for applications such as maintenance systems and the so-called “electronic summer bag”, a collection of navigation documents and manuals used by pilots.
“Exploiting memory corruption vulnerabilities in CIS / MS allows an attacker to exploit these flaws to send commands to the much more sensitive components that control aircraft-critical safety systems, including engine, brakes, and sensors”, — Ruben Santamarta said.
Boeing categorically denies the possibility of such an attack and rejects the researcher’s claim about a potential attack vector. According to the company, additional security systems in CIS / MS do not allow exploiting the vulnerabilities presented.
Although Santamarta discovered the code in the public domain last year and acknowledges that he did not have complete information about aircraft systems, other avionics cybersecurity researchers agreed that the flaws found in the code constituted a neglect of cyber security by Boeing.
Santamarta also claims to have been able to spy on planes due to vulnerabilities in satellite communications equipment, such as antennas that send data to planes and modems inside the planes. All of them can be used remotely, without physical access to equipment.
“In our case, there was a configuration error that we corrected within two hours of notification last December. We have implemented additional layers of security to prevent similar actions”, — said Doug Murri, VP for operations at Global Eagle.
A spokesperson for Global Eagle also said that the company’s infotainment and Wi-Fi systems are separate from aircraft safety systems, indicating that there is no threat to the lives of passengers.
User Review( votes)